The Mirai botnet variant known as IZ1H9 has received a significant update that adds 13 new exploits. These exploits target vulnerabilities in a wide range of Internet of Things (IoT) devices, including routers, IP cameras, and other connected devices. IZ1H9, first identified in August 2018, has gained notoriety for actively exploiting unpatched vulnerabilities in IoT devices and using the compromised devices in distributed denial-of-service (DDoS) attacks.
The variant has evolved continuously over time, and its most recent update expands its arsenal to approximately 30 exploits. These exploits are directed at vulnerabilities in devices from manufacturers such as D-Link, TP-Link, Zyxel, and others. Fortinet, a cybersecurity firm, reported a significant spike in the exploitation of these vulnerabilities on September 6, with thousands of attack attempts recorded.
Among the newly incorporated exploits, several are aimed at critical-severity flaws in D-Link devices that enable remote attackers to execute arbitrary code on vulnerable devices. The variant also includes exploits for command execution vulnerabilities in IP camera firmware provided by UDP Technology to Geutebruck and other original equipment manufacturers (OEMs).
The newly added exploits also cover various command injection vulnerabilities in routers, a recent command injection flaw in TP-Link Archer AX21 routers, Yealink Device Management bugs, and a remote code execution (RCE) vulnerability in Zyxel EMG3525 and VMG1312 devices.
Despite the availability of patches for these vulnerabilities, Fortinet notes that IoT devices continue to be attractive targets for threat actors. Remote code execution attacks pose a substantial threat to both IoT devices and Linux servers. The number of exploit attempts remains persistently high, often reaching thousands, which highlights the critical need for enhanced security measures.